- There is growing understanding of the need for genetic information to be shared with genetic relatives in some circumstances.
- Since 2006, s 95AA of the Privacy Act 1988 (Cwlth) has permitted the disclosure of genetic information to genetic relatives without the patient's consent, provided that the health practitioner reasonably believes that disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of the genetic relatives.
- Enabling guidelines were introduced in 2009. These were limited to the private sector, and excluded doctors working in the public sector at both Commonwealth and state and territory levels.
- Privacy legislation was amended in March 2014, and new Australian Privacy Principles, which replace the National Privacy Principles and Information Privacy Principles, now cover the collection and use of personal information.
- The Privacy Act and the Australian Privacy Principles now extend to practitioners employed by the Commonwealth but not to health practitioners working in state and territory public hospitals.
- In this article, I review these legislative developments and highlight the implications of the lack of uniformity and the consequent need for a collaborative, uniform approach by states and territories.
Recent reforms to the Privacy Act 1988 (Cwlth)1 have led to a single set of Australian Privacy Principles (APPs), replacing the former National Privacy Principles (NPPs) and Information Privacy Principles (IPPs). Although a key objective of the reforms was to ensure greater consistency on privacy regulation in Australia,2 the law surrounding disclosure of genetic information to at-risk genetic relatives varies across Australia.
Brief legislative history
Former NPP 2.1(ea) authorised the disclosure by health practitioners of genetic information to a genetic relative without the patient's consent if the health practitioner reasonably believed that disclosure was necessary to lessen or prevent a serious threat to the life, health or safety of an individual who is a genetic relative. The amended Privacy Act enabled the National Health and Medical Research Council to publish guidelines (approved by the Privacy Commissioner) on the use and disclosure of genetic information to a patient's genetic relatives under s 95AA of the Privacy Act in 2009.5 The substance of this approach is similar to that adopted in the United Kingdom.6
In 2014, the original guidelines were revised to comply with the Privacy Act reforms, but the substantive aspects remain unchanged.7
Onerous requirements are imposed on health practitioners who disclose genetic information to a genetic relative notwithstanding the patient's refusal to provide consent. Guideline 1 reflects the wording of s 95AA — that use or disclosure of genetic information without consent may proceed only when the authorising medical practitioner has a reasonable belief that this is necessary to lessen or prevent a serious threat to the life, health or safety of a genetic relative. The guidelines strongly urge the practitioner faced with this dilemma to strive to win patient consent for disclosure. The guidelines do not have the power of law, but practitioners can avoid actionable complaint by following them closely.
Experience in practice
The importance of the disclosure guidelines is best illustrated through an example. In families where there is a strong history of breast cancer, genetic testing is likely to be recommended to establish whether female genetic relatives of a patient affected carry the BRCA1 or BRCA2 mutation. Drawing on scenario 2 in the revised guidelines,7 a woman whose maternal grandmother had died of breast cancer at a young age and had tested positive for a mutation in the BRCA2 gene may be advised to undertake genetic testing for this mutation. In the event that the test proves positive, this information would be relevant for her genetic relatives (females and males, who can also be affected by breast cancer), and these relatives should be advised to make contact with a genetics service. In some instances, the patient may not wish to share this information. For example, as in the guidelines scenario, the patient may be willing to advise her own daughters but not other relevant family members (eg, sisters). In the event that there was a sustained refusal to allow any of the relevant genetic relatives to be contacted, the guidelines could be used to allow the patient's health practitioner to make disclosure to those relatives without the consent of the patient, as the threshold requirement of disclosure being “necessary to lessen or prevent a serious threat to the life, health or safety of his or her genetic relatives” would be satisfied.7
The actual use by Australian health practitioners of the disclosure exception in the legislation and accompanying guidelines is unclear. There appears to be some uncertainty regarding the operation of aspects of the legislation. Bonython8 and Arnold9 have suggested that some misunderstandings could arise. For example, doctors may think that if a patient declines to consent to notify their relatives, disclosure by the doctor may then occur. However, the preconditions for disclosure as set out in the guidelines require that the doctor counsels the patient to ensure that they have made an informed decision. In particular, guideline 3 states that “Reasonable steps must be taken to obtain the consent of the patient or his or her authorised representative to use or disclose genetic information” and gives guidance on appropriate processes when consent is withheld by, for example, respecting the patient's decision by allowing time for review of the decision and considering referral of the patient to a genetics service. It has also been suggested that there is insufficient differentiation between genetic and familial information, with the result that genetic information which cannot pose a risk to genetic relatives may be disclosed.8 This suggestion ignores the preconditions that must be met before disclosure without consent can be made, including guideline 1 noted above, which clearly confines disclosure to heritable information that is actionable.
Further, the guidelines seek to minimise the risks to the privacy of the genetic relative, specifying that disclosure should be limited to such information as necessary to communicate the increased risk. The sample letter, included in the guidelines, suggests that a general indication of genetic risk in the family will be given (where possible avoiding identification of the patient), thereby giving the genetic relative the opportunity to follow up and obtain further information if they wish. The guidelines (at 3.4) and the Privacy Act (s 16A) allow an APP entity to collect personal information (including contact details for genetic relatives) if it is unreasonable or impracticable to obtain the individual's consent to that collection, including circumstances where a person refuses to give consent to disclosure, and where that collection is necessary to give effect to disclosure to a genetic relative under the Privacy Act and guidelines.
The initial amendments allowing disclosure were limited to health practitioners in the private sector; there was no equivalent provision applying to health practitioners working for Commonwealth government agencies. Further, as the Commonwealth does not have the power to regulate state and territory authorities, which include public hospitals, it was always clear that to achieve comprehensive national coverage, parallel state and territory legislation would also be required.2
2014 Privacy Act amendments
More recently, privacy reforms have been introduced under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth), commencing March 2014. This was the first stage of implementation of the 2008 recommendations of the Australian Law Reform Commission.10 The amending legislation has led to the introduction of the APPs, which consolidate and replace the IPPs and NPPs, and cover the use and disclosure of health information under s 16B(4) of the Privacy Act. Revisions to the enabling s 95AA guidelines were also required; the 2009 version was rescinded and replaced with new guidelines in 2014,7 which replace all references to the NPPs with references to the new APPs. The recent privacy amendments have extended the exemption in relation to disclosure to health practitioners working for Commonwealth government agencies. However, there is still no uniformity because the exemption does not cover state and territory authorities, which include public hospitals.
A call for uniformity
A uniform approach to this issue is surely desirable. Data from the Australian Institute of Health and Welfare indicate that, of the employed medical practitioners in Australia in 2012, 29 834 worked in the public sector, 31 555 in the private sector and 16 497 in both.11 Currently, there is potential for health practitioners working across institutions and jurisdictions to be subject to conflicting regulations whereby they are legally able to disclose genetic information to genetic relatives in their capacity as health practitioners in the private sector but not if employed by a state or territory public health entity. Further, families may be spread across a number of states and it would be desirable if health practitioners only had to comply with a single uniform system. To ensure uniformity across Australia, proactivity is required from the states and territories to allow for disclosure to genetic relatives by health practitioners working for public hospitals. There are two options for securing a more consistent, national approach. States and territories could legislate to adopt s 16B(4) and s 95AA of the Privacy Act and the guidelines for their use or, alternatively, make their own provision through state and territory privacy legislation and guidelines.
The only states to currently make provision for disclosure of health information are South Australia (s 93(3)(c) and (e) of the Health Care Act 2008) and Victoria (Health Privacy Principle [HPP] 2.2(h)(i) of the Health Records Act 2001). However, the South Australian provision is cast in general terms and is not specific to genetic information, while the Victorian provision has limited applicability to genetic information as it requires the risk to be both serious and imminent before disclosure is permitted.
New South Wales passed an amending Act to the Health Records and Information Privacy Act 2002 (the Health Legislation Amendment Act 2012), which specifically covers the disclosure of genetic information. This amends the NSW HPPs in the Health Records and Information Privacy Act, making them consistent with the Commonwealth s 95AA guidelines.12 This will allow disclosure of genetic information to genetic relatives when there is a reasonable belief that this is necessary to lessen or prevent a serious threat to life, health or safety of genetic relatives (HPP 11(1)(c1)).
It is now incumbent on other states and territories to follow, by legislatively adopting the Commonwealth legislation and guidelines or enacting their own legislation and guidelines to allow for disclosure in appropriate circumstances. It is nonsensical that the capacity for a health practitioner to disclose genetic information to genetic relatives without the patient's consent depends on whether they work in the private or public sector. Clearly, a more uniform approach should be the goal, consistent with the thrust of the Australian Law Reform Commission recommendations,10 but it requires a cooperative approach to be taken on this important issue.
Provenance: Not commissioned; externally peer reviewed.
- 1. Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth).
- 2. Australian Law Reform Commission, Australian Health Ethics Committee. Essentially yours: protection of the human genetic information in Australia (ALRC Report 96). Sydney: ALRC, 2003.
- 3. Otlowski MF. Disclosure of genetic information to at-risk relatives: recent amendments to the Privacy Act 1988 (Cwlth). Med J Aust 2007; 187: 398-399. <MJA full text>
- 4. Otlowski M. Australian reforms enabling disclosure of genetic information to genetic relatives by health practitioners. J Law Med 2013; 21: 217-234.
- 5. National Health and Medical Research Council, Office of the Privacy Commissioner. Use and disclosure of genetic information to a patient's genetic relatives under section 95AA of the Privacy Act 1988 (Cth). Guidelines for health practitioners in the private sector. Canberra: NHMRC, 2009. https://www.nhmrc.gov.au/_files_nhmrc/publications/attachments/e96.pdf (accessed Apr 2014).
- 6. Royal College of Physicians, Royal College of Pathologists, British Society for Human Genetics. Consent and confidentiality in clinical genetic practice: guidance on genetic testing and sharing genetic information, 2nd ed. Report of the Joint Committee on Medical Genetics. London: RCP, RCPath, 2011. http://www.bsgm.org.uk/media/678746/consent_and_confidentiality_2011.pdf (accessed Mar 2014).
- 7. National Health and Medical Research Council. Use and disclosure of genetic information to a patient's genetic relatives under section 95AA of the Privacy Act 1988 (Cth). Guidelines for health practitioners in the private sector. Canberra: NHMRC, 2014. http://www.nhmrc.gov.au/_files_nhmrc/publications/attachments/pr3_use_of_genetic_information_s95aa_140311.pdf (accessed Apr 2014).
- 8. Bonython W, Arnold B. Disclosure “downunder”: misadventure in Australian genetic privacy law. J Med Ethics 2014; 40: 168-172.
- 9. Arnold BB. Why loosening genetic privacy law is a recipe for fear and frustration. The Conversation 2011; 23 Jun. https://theconversation.com/why-loosening-genetic-privacy-law-is-a-recipe-for-fear-and-frustration-1061 (accessed Mar 2014).
- 10. Australian Law Reform Commission. For your information: Australian privacy law and practice (ALRC Report 108). Sydney: ALRC, 2008.
- 11. Australian Institute of Health and Welfare. Medical workforce 2012. (National Health Workforce Series No. 8; Cat. No. 8.) Canberra: AIHW, 2014. http://www.aihw.gov.au/WorkArea/DownloadAsset.aspx?id=60129546076 (accessed Mar 2015).
- 12. Information and Privacy Commission New South Wales. Use and disclosure of genetic information to a patient's genetic relatives: guidelines for organisations in NSW, draft. Sydney: IPC, 2014. http://www.haveyoursay.nsw.gov.au/assets/Uploads/Draft-NSW-Use-and-Disclosure-of-Genetic-Information-guidelines.pdf (accessed Mar 2014).
Publication of your online response is subject to the Medical Journal of Australia's editorial discretion. You will be notified by email within five working days should your response be accepted.